Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
696
Views
0
Helpful
11
Replies

ASA redundant connection issue

Go to solution
mohammad saeed
Level 5
Level 5

‎07-04-2015 04:15 AM - edited ‎03-11-2019 11:13 PM

Hi Guys,

 

I have one ASA connect to core with one interface (inside interface) I need to add another connection from the same ASA to other core for redundancy.

 

Can I do that? or not?

 

Thanks for all.

 

Mohammad Saeed

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ji-Won Park
Level 1
Level 1

‎07-04-2015 08:29 AM

Hi Mohammad,

 

Of course you can do that. However, you need to know how the core switches are designed - it would be a different setup between VSS or HSRP/VRRP environment. If you have them stacked or VSSed, then you can do MEC to ASA primary bundling two ports into one channel (2Gb).

Hope this helps

 

g1

View solution in original post

0 Helpful
11 Replies 11

Go to solution
Ji-Won Park
Level 1
Level 1

‎07-04-2015 08:29 AM

Hi Mohammad,

 

Of course you can do that. However, you need to know how the core switches are designed - it would be a different setup between VSS or HSRP/VRRP environment. If you have them stacked or VSSed, then you can do MEC to ASA primary bundling two ports into one channel (2Gb).

Hope this helps

 

g1

0 Helpful

Go to solution
mohammad saeed
Level 5
Level 5
In response to Ji-Won Park

‎07-04-2015 09:02 AM

Hi Ji Won Park,

 

Thanks for helping me.

 

Yes I have VSS between them, could you suggest me a link which show me how to configure that in ASA and core 6509-e?

 

 

Thanks

 

Mohammad

0 Helpful

Go to solution
mohammad saeed
Level 5
Level 5
In response to mohammad saeed

‎07-04-2015 10:03 AM

Hi,

 

I got it through this link : 

http://www.cisco.com/c/en/us/td/docs/security/asa/asa93/configuration/general/asa-general-cli/interface-basic.html#15142

 

But I want to ask, which one is better to create redundant link or Etherchannel?

 

Thanks,

 

Mohammad

0 Helpful

Go to solution
Ji-Won Park
Level 1
Level 1
In response to mohammad saeed

‎07-04-2015 10:12 AM

Hi Mohammad, Again, it depends on your ASA design. Is it active/active or active/standby? If its active/standby mode then you would want to do EtherChannel as you get link redundancy and both links will be in forwarding mode from Active ASA perspective. g1
0 Helpful

Go to solution
mohammad saeed
Level 5
Level 5
In response to Ji-Won Park

‎07-04-2015 10:18 AM

Hi Ji Won,

 

I have One ASA and two 6509-e cores, So I think it's better to create an etherchannel?! Am I right?

 

Thanks a lot,

 

Mohammad

0 Helpful

Go to solution
Ji-Won Park
Level 1
Level 1
In response to mohammad saeed

‎07-04-2015 10:20 AM

Yes sir, it would be one switch to one asa logically since your cat6ks are VSSed. Very simple design - you shouldn't have any issues with that. g1
0 Helpful

Go to solution
mohammad saeed
Level 5
Level 5
In response to Ji-Won Park

‎07-04-2015 10:30 AM

Got it. 

 

Many thanks to you :-)

0 Helpful

Go to solution
Ji-Won Park
Level 1
Level 1
In response to mohammad saeed

‎07-04-2015 10:32 AM

No problem. I'm glad it was helpful! :)
0 Helpful

Go to solution
mohammad saeed
Level 5
Level 5
In response to Ji-Won Park

‎07-04-2015 10:57 AM

I have another issue with ping from GW to core.

 

I have this scenario (GW------ASA-------Core) I can ping between ASA+GW and ASA+core but I can't ping between Core + GW!

 

What is the problem?

 

Thanks.

0 Helpful

Go to solution
Ji-Won Park
Level 1
Level 1
In response to mohammad saeed

‎07-04-2015 10:58 AM

Mohammad, please start the new thread for the new question. Thanks g1
0 Helpful

Go to solution
mohammad saeed
Level 5
Level 5
In response to Ji-Won Park

‎07-04-2015 12:31 PM

Thanks, Here it is: https://supportforums.cisco.com/discussion/12549546/asa-firewall-connectivity

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card